Search code examples
apacheyumrhel

Apache version 2.2 and security vulnerabilities

A penetration test has recently identified that one of our RHEL(6.7) servers running Apache 2.2.15 is vulnerable on a number of points and needs to be updated to the latest version 2.4. I have run yum update and it says that there are no packages marked for update. I understand that I will need to download the updates manually. There are a few questions I have around the requirement to upgrade Apache.

  1. I am up to date on the 2.2 version tree. Does this mean that any security patches made to version 2.4 will be back patched to version 2.2.X as well?
  2. I am running PHP (version 5.3.3) and MySQL (version 5.1.73) - will these be affected by upgrading the Apache version (Google tells me that there is no problem on both fronts - but I thought I'd ask before I started down this route).
  3. If you experts tell me that I have no other choice but to upgrade, then I'm planning on using the instruction set here: https://unix.stackexchange.com/questions/138899/centos-install-using-yum-apache-2-4

Thank you in advance for your advice.

Solution

  • You could download the 2.4 source code from the Apache site and compile it. There's a setting which will configure for RedHat:

    --enable-layout=RedHat

    This setting will configure the paths for executables, configuration files, libraries etc in one go.

    The following should be a reasonable starting point for a configuration line:

    sh ./configure --enable-layout=RedHat --enable-mods-shared=all

    then perform a make and make install

    Do the same with a newer version of PHP (5.3.29 is available in the "old downloads" section, but try a newer version. Check the changes first though) and your problems should be lessened. Finally, MySQL or MariaDB is available for download and compilation too

    Obviously, try all of this on a test machine first and back everything up. Your test machine should be as close as possible to your production machine. If you use something like VirtualBox to try it, you can take a snapshot at each point of the process and rollback if something goes wrong